SSTI - 1

May 18, 2025

We notice an input field that takes our input and redirects us to another page with our input printed.

I tried an XSS script and it worked, but that is irrelevant here. Let's search more: from Wappalyzer we can see we are working with Python, so we should focus on SSTI for Python.

I searched until I found this repo, Payload for SSTI python, and scrolled until I found an interesting one:

{{ self.__init__.__globals__.__builtins__.__import__('os').popen('id').read() }}

This should execute the command id, and it worked.
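Why that payload gets evaluated at all comes down to how the page builds its template. The following is an added example, not code from the original post or the challenge: it assumes a hypothetical greeting endpoint built on Jinja2 (what Flask uses under the hood), and shows the vulnerable pattern (user text concatenated into the template source), the fix (user text passed as a context variable), and a sandboxed environment as defence in depth. The probe input `{{ 7 * 7 }}` is constructed to prove expression evaluation without touching the OS.

```python
# Added example, not part of the original write-up. Requires Jinja2.
# The "greet" behaviour below is hypothetical; inputs are constructed.
from jinja2 import Template
from jinja2.sandbox import SandboxedEnvironment, SecurityError

# Constructed probe: evaluates to 49 only if the input is parsed as template syntax.
PROBE = "{{ 7 * 7 }}"


def render_vulnerable(user_input: str) -> str:
    """Vulnerable pattern: user text becomes part of the template *source*,
    so any {{ ... }} the user sends is parsed and executed by Jinja2.
    This is the root cause behind the popen('id') payload above."""
    return Template("Hello " + user_input + "!").render()


def render_fixed(user_input: str) -> str:
    """Fix: the template is a constant and user text arrives as a context
    variable, so it is rendered as data and never parsed as template syntax."""
    return Template("Hello {{ name }}!").render(name=user_input)


def render_sandboxed(user_input: str) -> str:
    """Defence in depth for apps that must let users author template text:
    SandboxedEnvironment refuses attribute access that starts with an
    underscore (e.g. __init__, __globals__), which breaks the gadget chain.
    Harmless expressions such as arithmetic still evaluate."""
    env = SandboxedEnvironment()
    try:
        return env.from_string("Hello " + user_input + "!").render()
    except SecurityError as exc:
        # Log-worthy event: someone tried to walk dunder attributes.
        return "blocked: " + str(exc)


if __name__ == "__main__":
    print(render_vulnerable(PROBE))   # Hello 49!  (evaluated: vulnerable)
    print(render_fixed(PROBE))        # Hello {{ 7 * 7 }}!  (literal: fixed)
    print(render_sandboxed(PROBE))    # Hello 49!  (arithmetic allowed)
    print(render_sandboxed("{{ self.__init__.__globals__ }}"))  # blocked: ...
```

The detection takeaway is that a `{{ 7*7 }}` style probe returning `49` is the cheap, non-destructive check for this class of bug; the fix is never to build template source from request data, and the sandbox is a secondary control, not a substitute for that.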

So now we can execute commands; now it is time to see where the flag is.

Let's use ls -a, and it got this:

So our final step will be to read the flag with cat flag.
